Study guides, Class notes & Summaries

CSSLP Domain 4 - Secure Software Implementation/Coding Exam Questions and Answers 100% Pass Software developers writes software programs PRIMARILY to A. create new products B. capture market share C. solve business problems D. mitigate hacker threats - Correct Answer ️️ -C. solve business problems The process of combining necessary functions, variable and dependency files and libraries required for the machine to run the program is referred to as A. compilation B. interpretation C...

Official (ISC)² CSSLP - Domain 1: Secure Software Concepts Exam Questions and Answers 100% Correct Accountability - Correct Answer ️️ -A security concept that protects against repudiation threats. Auditing - Correct Answer ️️ -A security concept that addresses the logging of transactions so that at a later time a history of transactions can be built, if needed. It answers the question, "Who (subject) did what (action) when (timestamp) and where (object)?" Authentication - Cor...

CSSLP Domain 6 - Software Acceptance Exam Questions and Answers 100% Correct Your organization has the policy to attest the security of any software that will be deployed into the production environment. A third party vendor software is being evaluated for its readiness to be deployed. Which of the following verification and validation mechanism can be employed to attest the security of the vendor's software? A. Source code review B. Threat modeling the software C. Black box testing D....

Official (ISC)² CSSLP - Domain 2: Secure Software Requirements Exam Questions and Answers 100% Pass Abuse case - Correct Answer ️️ -An analysis technique that models the unintended behavior of the software or system by taking a hostile user perspective. CRUD (create, read, update, delete) - Correct Answer ️️ -The four primary procedures or ways a system can manipulate information. Data Lifecycle Management - Correct Answer ️️ -A policy-based approach to managing the flow of a...

CSSLP Sample Exam (2024) Questions and Answers 100% Pass QUESTION 1 An organization has signed a contract to build a large Information System (IS) for the United States government. Which framework, guideline, or standard would BEST meet government information processing requirements? A. Control Objectives for Information and Related Technology (COBIT) B. Information Technology Infrastructure Library (ITIL) C. National Institute of Standards and Technology (NIST) D. International Organiz...

Official (ISC)² CSSLP - Domain 5: Secure Software Testing Exam Questions and Answers 100% Pass Attack surface validation - Correct Answer ️️ -Determining if the software has exploitable weakness (attack surface). Black box test - Correct Answer ️️ -Usually described as focusing on testing functional requirements. Functional testing - Correct Answer ️️ -Software testing is performed primarily to attest to the functionality of the software as expected by the business or custom...

Official (ISC)² CSSLP Domain 7: Software Deployment, Operations, and Maintenance Exam Questions and Answers 100% Pass Authorization to operate - Correct Answer ️️ -The official management decision given by a senior organizational official to authorize operation of an information system and to explicitly accept the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation based on the...

CSSLP Domain 5 - Secure Software Testing Exam Questions and Answers 100% Pass The ability of the software to restore itself to expected functionality when the security protection that is built in is breached is also known as A. redundancy B. recoverability C. resiliency D. reilability - Correct Answer ️️ -B. recoverability In which of the following software development methodologies does unit testing enable collective code ownership and is critical to assure software assurance? A. ...

Official (ISC)² CSSLP - Domain 7: Software Deployment, Operations, Maintenance and Disposal Exam Questions and Answers 100% Pass Audits - Correct Answer ️️ -Monitoring mechanisms by which an organization can ascertain the assurance aspects of the network, systems, and software that they have built or bought. Cause mapping - Correct Answer ️️ -A problem solving method that draws out, visually, the multiple chains of interconnecting causes that lead to an incident. The method, wh...

CSSLP Exam Guide with 100% Complete Solutions Which access control mechanism provides the owner of an object the opportunity to determine the access control permissions for other subjects? a. Mandatory b. Role-based c. Discretionary d. Token-based - Correct Answer ️️ -Discretionary The elements UDI and CDI are associated with which access control model? a. Mandatory access control b. Clark-Wilson c. Biba integrity d. Bell-LaPadula confidentiality - Correct Answer ️️ -Clark-Wil...